PURPOSE

tpusradd - add a new principal on the system

SYNOPSIS

TUXCONFIG=tuxconfig tpusradd  [-u uid ] [-g gid] [-c client_name] usrname

DESCRIPTION

Invoking tpusradd adds a new principal (user or domain) entry to the TUXEDO security data files. This information is used for per-user authentication with the AUTHSVR(5) server. A TUXEDO configuration with SECURITY set to USER_AUTH, ACL, or MANDATORY_ACL must be created before running this command successfully.

The system file entries created with this command have a limit of 512 characters per line. Specifying long arguments to several options may exceed this limit.

The following options are available:

-u uid

The user identification number. uid must be a positive decimal integer below 128K. uid must be unique within the list of existing identifiers for the application. uid defaults to the next available (unique) identifier greater than 0.

-g gid

An existing group's integer identifier or character-string name. This option defines the new user's group membership It defaults to the "other" group (identifier 0).

-c client_name

A string of printable characters that specifies the client name associated with the user. If specified, it generally describes the role of the associated user, and provides a further qualifier on the user entry. It may not contain a colon (:) or a newline (\n). If not specified, the default is the wildcard '*' which will authenticate successfully for any client name specified.

usrname

A string of printable characters that specifies the new login name of the user. It may not contain a colon (:), pound sign (#), or a newline (\n). The user name must be unique within the list of existing users for the application.

The administrator is prompted for an initial password to be associated with the user.

Before running this command, the application must be configured using either the graphical user interface or tmloadcf(1). tpusradd must be be run on the configuration MASTER if the application is not active; if active, this command can run on any active node.

See AUTHSVR(5) for further information about per-user authentication and configuring administrator permissions.

PORTABILITY

This command is available only on non-/WS sites running TUXEDO System/T Release 6.0 or later.

DIAGNOSTICS

The tpusradd command exits with a return code of 0 upon successful completion.

EXAMPLES

The following sequence of command invocations shows the construction of a simple user file.

$ # 1. Add usrname foo with wildcard cltname and no uid
$ tpusradd -c '*' foo
$ # 2. Add usrname foo with cltname bar and uid 100
$ tpusradd -u 100 -c bar foo
$ # 3. Add usrname foo with tpsysadm cltname and no uid
$ tpusradd -c tpsysadm foo

The following table shows the user entry (indicated by numbers shown above) used to authenticate various requests for access to the application and the associated uid/gid. N/A indicates that the request is disallowed because no user file entry exists to be matched against.

Usrname Cltname Password Entry  Uid     Gid
------- ------- --------------  ---     ---
"foo"   "bar"         2         100     0
"foo"   ""            1         1       0
"foo"   "tpsysadm"    3         0       8192
"guest" "tpsysadm"   N/A        N/A     N/A

Lastly, following is an example *SERVERS section entry for an instance of AUTHSVR that works with the user file generated above.

AUTHSVR SRVGRP=G SRVID=1 RESTART=Y GRACE=0 MAXGEN=2 CLOPT="-A"

SEE ALSO

tpgrpadd(1),


BEA TUXEDO Administrator's Guide